Your privacy is important to Asmodee. This Privacy Notice explains how we handle and treat your personal data when we do business with you or your company.
This Privacy Notice explains our approach to any personal data that we collect from you or that we have obtained about you from a third party and the purposes for which we process your personal data. It also sets out your rights in respect of our processing of your personal data.
We may collect personal data from you in the course of our business, including when you contact or request information from us, or as a result of your relationship with one or more of our staff or partners.
When you contact Asmodee Nordics on behalf of our supplier, we process some personal data related to you, such as:
- Identification data, including your name and job title,
- Skype address,
- Contact information including the identity and contact information of the company you work for and your email address, where provided,
- Information you provide to us for the purposes of attending meetings and events, including dietary requirements, and
3. How do we use your personal data?
When you contact Asmodee Nordics on behalf of our supplier, we process your personal data in order to manage the relationship with the company that you represent. In that regard we process your personal data for several purposes. In the table below, you can read more about the various purposes of our processing of your personal data in various situations. You can also see which data we process in the different situations and what the legal basis for our processing is.
Purpose for processing
1. Communication with you
When you contact us (e.g. by email), your inquiry will often contain personal data, including your contact details, your affiliation with a certain business and other personal data that you may disclose to us. In certain situations, we may also receive similar personal data about you from third parties, such as your employer or your colleagues. We process such data e.g. to be able to process and answer your inquiries and manage our business relationship.
The legal basis for our processing is article 6(1)(f) of the GDPR as we pursue our legitimate interest in being able to communicate with you or perform our agreement with the business that you represent.
2. Events and meetings
When throwing events or organizing meetings, including related to marketing activities, we may process your contact details and in some cases food restrictions for events, where meals are included.
The legal basis for our processing is article 6(1)(f) of the GDPR, as we pursue our legitimate interest in being able to communicate with you in relation to events and meetings and serve you meals.
4. Who do we disclose your personal data to?
4.1 Disclosure to external third parties We disclose personal data included in our accounting records to the relevant public authorities, including the tax and customs authorities, in connection with our statutory bookkeeping etc. Further, we may disclose your personal data to our relevant business partners, including external advisors, in connection with particular inquiries, agreements or cases.
4.2 Use of processors We make your personal data available to our processors who e.g. host and support our IT systems.
5. Do we transfer your personal data to third countries?
Asmodee uses service providers that are located outside the EU and the EEA. The basis for such transfer is the Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council as we have entered into such standard contractual clauses with the relevant recipients of the data.
If you want additional information about our transfer of Personal Data outside the EU and EEA, including a copy of the relevant security measures, etc., you may make a request for such additional information by contacting us (see section 9 below).
6. How long do we retain your personal data?
We are required to only store your personal data for the period necessary for us to fulfil the purposes for which they were collected. For that reason, we have established the time limits for erasure set out in the table below. As a general rule, we erase or anonymise your personal data according to the time limits stated below unless it is necessary that we continue to store them, e.g. for the purpose of particular cases or the like.
Storage and time limits for erasure
1. Communication with you
As a general rule, data relating to particular cases or agreements with you, or the business you represent, are stored for 5 years after the end of the financial year in which your last inquiry was closed or the agreement was ended.
The personal data are stored e.g. for the purpose of complying with your obligation to present financial statements etc.
As a general rule, we erase data not related to particular case or agreement 6 months after the end of the financial year in which your last inquiry was closed.
2. Events and meetings
As a general rule, data related to events or meetings will be erased 6 months after the event or meeting. Data related to food preferences will be deleted immediately after the event or meeting.
7. Security of your personal data
We are committed to keeping your personal data secure and we have implemented appropriate information security policies, rules and technical measures to protect it from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
8. What are your rights?
You have a number of rights in relation to your personal data. More information about each of these rights is set out below:
- Right to withdraw consent. You have the right to withdraw your consent at any time. You may do so by contacting Asmodee Nordics using the contact details below. If you decide to withdraw your consent, it will not affect the lawfulness of processing based on your consent until the time of withdrawal. If you withdraw your consent, it will not become effective until such time.
- Right to access. If you ask us, we will confirm whether we process your personal data, and if so, we will give you a copy of them.
- Right to rectification. If your personal data are inaccurate or incomplete, you have a right to ask us to correct or complete them.
- Right to erasure. In certain circumstances, you may ask us to erase your personal data. You can ask us to erase your personal data in the following cases: where it is no longer necessary for the purposes for which it was collected; you withdrew your consent; you objected to the processing of your personal data; your personal data has been processed unlawfully; or if the data have to be erased for compliance with a legal obligation. We are not required to comply with your request, e.g. if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.
- Right to restriction. In certain circumstances, you may ask us to restrict our use of your personal data. You can ask us to restrict the processing of your personal data where: the accuracy of your personal data is contested; the processing is unlawful, but you do not want it erased; we no longer need the personal data for the purpose of the processing, but they are required to establish, exercise or defend legal claims; to verify the existence overriding grounds following the exercise of your right of objection. Where processing has been restricted, apart from storing, we can only process the data with your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
- Right to data portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have the data transmitted to another data controller, but only where the processing is based on your consent or on the performance of a contract with you, and the processing is carried out by automated means.
- Right to object. In certain circumstances, you have the right to object to our processing of personal data, e.g. where the processing is based on our legitimate interests (see section 3) and with regard to processing related to direct marketing.
You also have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes applicable law. In Denmark, the supervisory authority for the protection of personal data is the Danish Data Protection Agency or Datatilsynet, see www.datatilsynet.dk.
9. Contact and complaints
For further information regarding your rights, to exercise any of your rights, or if you have any complaints or questions regarding the processing of your personal data, please contact firstname.lastname@example.org
10. Changes to this Privacy Notice
We may occasionally change this Privacy Notice, for example, to comply with new requirements imposed by the applicable laws, technical requirements or good commercial practices. We will notify you in case of material changes.